[Zope-dev] AUTHENTICATION_USER in standard_error_message caused by NotFound error

Tim Ansell mithro@senet.com.au
Thu, 11 Jan 2001 18:41:33 +1030



It appears last night I didn't test the diff...

This one should work without any editing...

Mithro

Tim Ansell wrote:

> Forgot to attach the diff....
>
> Forgive me it's 4:52am here....
>
> Mithro
>
> Tim Ansell wrote:
>
> > Oops, just realised I've been replying only to myself :)
> >
> > Umm okay here is the diff, it is from version 2.2.4 but should apply to most
> > versions....
> > I have removed all the "print" debugging and cleaned up the formatting.
> >
> > Could people look it over and tell me if there are any hidden problems with it?
> > Is it done the right way?
> >
> > There seems to be a lot of repeated code between zpublisher_exception_hook and
> > ZPublisher.BaseRequest, maybe you want to put the auth stuff into its own
> > function and work that way? Just an idea...
> >
> > Mithro
> >
> > > Tim Ansell wrote:
> > >
> > > > On further investigation I have found out that the part I really want to
> > > > modify is
> > > >
> > > >  zpublisher_exception_hook, which gets called when the error occurs
> > > >
> > > > Inside this function there is a
> > > >
> > > >         if REQUEST.get('AUTHENTICATED_USER', None) is None:
> > > >             REQUEST['AUTHENTICATED_USER']=AccessControl.User.nobody
> > > >
> > > > which seems to explain why I'm getting the anonymous user for the errors.
> > > >
> > > > Is there any way to add to this function the authentication routines so that
> > > > if AUTHENTICATED_USER is none, authentication is checked with
> > > > standard_error_message being the object checked against?
> > > >
> > > > Am I making any sense?
> > > >
> > > > I'm going to give it a go and see what happens...
> > > >
> > > > Mithro
> > > >
> > > > Tim Ansell wrote:
> > > >
> > > > > <newbie alert>
> > > > >
> > > > > Hello.
> > > > >
> > > > > > I've been using Zope for a couple of months, I have found Zope to be a
> > > > > > great product and thank you for creating it. Currently I have run into a
> > > > > > problem, I need to access the AUTHENTICATED_USER in a
> > > > > > standard_error_message called by notFoundError in BaseRequest.
> > > > > >
> > > > > > I was wondering if the authentication routine can be added before the
> > > > > > authentication routine in BaseRequest? Or if this is not possible it
> > > > > > could be split into a function and called before the notFoundError
> > > > > > call as well?
> > > > >
> > > > > > There are many reasons you might want to do this, I have listed some
> > > > > > below:
> > > > > >
> > > > > > * You want to list possible URLs the reader could have meant but don't
> > > > > > want to let Anonymous users see possible privileged URLs
> > > > > >
> > > > > > * You want to provide different error messages for different people,
> > > > > > i.e. a more advanced error for coders, a simple error for HTML writers, a
> > > > > > special error for normal people
> > > > > >
> > > > > > * You want errors to only be reported if they were caused by certain
> > > > > > users
> > > > >
> > > > > and the list could go on....
> > > > >
> > > > > Mithro
> > > > >
> > > > > > </newbie alert>
> > > > >
> > > > > _______________________________________________

Attachment: SEM_new_auth.diff

--- ./__init__.py.original	Wed Jan 10 23:13:53 2001
+++ ./__init__.py	Wed Jan 10 23:45:28 2001
@@ -162,6 +162,9 @@
 class RequestContainer(ExtensionClass.Base):
         def __init__(self,r): self.REQUEST=r
 
+from ZPublisher.BaseRequest import old_validation
+UNSPECIFIED_ROLES=''
+
 def zpublisher_exception_hook(
     published, REQUEST, t, v, traceback,
     # static
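
Review bot: UNSPECIFIED_ROLES='' defined above zpublisher_exception_hook is a local empty-string literal, yet the next hunk tests it by identity ("r is not UNSPECIFIED_ROLES", "roles is UNSPECIFIED_ROLES"), so those checks depend on this literal being the very same object as whatever default the rest of the publisher uses. If ZPublisher.BaseRequest already defines this sentinel, import it together with old_validation instead of redefining it here. The import also sits in the middle of the module; move it up with the other imports and add a one-line comment saying why the exception hook needs old_validation.
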
@@ -208,11 +211,79 @@
                 break
 
         client=published
+
+	auth=REQUEST._auth
+
+        user=groups=None
+
+        while 1:
+	    if REQUEST.get('AUTHENTICATED_USER', None) is None:
+                # Do authentication here....
+		r = getattr(client, '__roles__', UNSPECIFIED_ROLES)
+	        if r is not UNSPECIFIED_ROLES:
+                    roles = r
+                elif not got:
+                    roles = getattr(client, entry_name+'__roles__', roles)
+
+                if roles:
+                    if hasattr(client, '__allow_groups__'):
+                        groups=client.__allow_groups__
+                        
+                        if hasattr(groups, 'validate'): v=groups.validate
+                        else: v=old_validation
+                        
+                        if v is old_validation and roles is UNSPECIFIED_ROLES:
+                            print "Validation and UNSEPCIFIED_ROLES is okay"
+                            # No roles, so if we have a named group, get roles from
+                            # group keys
+                            if hasattr(groups,'keys'): roles=groups.keys()
+                            else:
+                                try: groups=groups()
+                                except: pass
+                                try: roles=groups.keys()
+                                except: pass
+                                
+        	                if groups is None:
+	                            # Public group, hack structures to get it to validate
+	                            roles=None
+	                            auth=''
+                                    
+                        if v is old_validation:
+                                user=old_validation(groups, request, auth, roles)
+                	elif roles is UNSPECIFIED_ROLES: user=v(request, auth)
+    	                else: user=v(REQUEST, auth, roles)
+
+	                if hasattr(client, '__allow_groups__') and user == None:
+                                groups=client.__allow_groups__
+                                if hasattr(groups,'validate'):
+                                    v=groups.validate
+                                else:
+                                    v=old_validation
+                                    if v is old_validation:
+                                        user=old_validation(groups, REQUEST, auth, roles)
+                                    elif roles is UNSPECIFIED_ROLES:
+                                        user=v(REQUEST, auth)
+                                    else: 
+                                        user=v(REQUEST, auth, roles)
+                                        
+                if user is not None:
+                    REQUEST['AUTHENTICATED_USER']=user
+
+            try:
+                client=getattr(client, 'aq_parent', None)
+                if client is None: raise
+            except:
+                break
+
         while 1:
             if getattr(client, 'standard_error_message', None) is not None:
                 break
-            client=getattr(client, 'aq_parent', None)
-            if client is None: raise
+            try:
+                client=getattr(client, 'aq_parent', None)
+                if client is None: raise
+            except:
+       	        break
+
 
         if REQUEST.get('AUTHENTICATED_USER', None) is None:
             REQUEST['AUTHENTICATED_USER']=AccessControl.User.nobody
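
Review bot: The new authentication loop walks client up aq_parent until it is None, so the "while 1" loop after it that looks for standard_error_message starts from None and can never find one; walk the chain with a separate variable, or reset client=published before the second loop. In the same block, "v=groups.validate" and "v=old_validation" overwrite the hook's own v argument (the one passed alongside t and traceback), so anything later in the hook that reads v gets a validator function; use a different name. "request" in "old_validation(groups, request, auth, roles)" and "v(request, auth)" is lower-case while the parameter is REQUEST, and roles, got and entry_name are read in "elif not got:" and "getattr(client, entry_name+'__roles__', roles)" without being assigned in the lines shown. In the "user == None" retry, the validation calls are nested under the else branch, so nothing is called when groups has a validate method, and the elif/else arms under "if v is old_validation" are unreachable. Smaller points: the debug print "Validation and UNSEPCIFIED_ROLES is okay" is still in, tabs and spaces are mixed in the added lines, and the bare "raise" inside try/except is used only as a way to break; a plain "if client is None: break" says the same thing. Replacing the original "if client is None: raise" in the last loop with a break also changes what happens when no standard_error_message exists, which deserves a comment if it is intended.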
